Security+ opens the door to your cybersecurity career!
CompTIA Security+ is a global certification that validates the baseline skills necessary to perform core security functions and pursue an IT security career
Why is it different?
More choose Security+ – chosen by more corporations and defense organizations than any other certification on the market to validate baseline security skills and for fulfilling the DoD 8570 compliance.
Security+ proves hands-on skills – the only baseline cybersecurity certification emphasizing hands-on practical skills, ensuring the security professional is better prepared to problem solve a wider variety of today’s complex issues.
More job roles turn to Security+ to supplement skills – baseline cybersecurity skills are applicable across more of today’s job roles to secure systems, software and hardware.
Security+ is aligned to the latest trends and techniques – covering the most core technical skills in risk assessment and management, incident response, forensics, enterprise networks, hybrid/cloud operations, and security controls, ensuring high-performance on the job.
Two people looking at many monitors.
About the exam
New CompTIA Security+ (SY0-601) exam launches November 12, 2020!
CompTIA Security+ is the first security certification a candidate should earn. It establishes the core knowledge required of any cybersecurity role and provides a springboard to intermediate-level cybersecurity jobs. Security+ incorporates best practices in hands-on troubleshooting, ensuring candidates have practical security problem-solving skills required to:
Assess the security posture of an enterprise environment and recommend and implement appropriate security solutions
Monitor and secure hybrid environments, including cloud, mobile, and IoT
Operate with an awareness of applicable laws and policies, including principles of governance, risk, and compliance
Identify, analyze, and respond to security events and incidents
Security+ is compliant with ISO 17024 standards and approved by the US DoD to meet directive 8140/8570.01-M requirements. Regulators and government rely on ANSI accreditation, because it provides confidence and trust in the outputs of an accredited program. Over 2.3 million CompTIA ISO/ANSI-accredited exams have been delivered since January 1, 2011.
What Skills Will You Learn?
HARDWARE – Attacks, Threats and Vulnerabilities
Focusing on more threats, attacks, and vulnerabilities on the Internet from newer custom devices that must be mitigated, such as IoT and embedded devices, newer DDoS attacks, and social engineering attacks based on current events.
SECURITY – Architecture and Design
Includes coverage of enterprise environments and reliance on the cloud, which is growing quickly as organizations transition to hybrid networks.
HARDWARE & NETWORK TROUBLESHOOTING
Implementation Expanded to focus on administering identity, access management, PKI, basic cryptography, wireless, and end-to-end security.
WINDOWS OPERATING SYSTEMS – Operations and Incident Response
Covering organizational security assessment and incident response procedures, such as basic threat detection, risk mitigation techniques, security controls, and basic digital forensics.
SOFTWARE TROUBLESHOOTING – Governance, Risk and Compliance
Expanded to support organizational risk management and compliance to regulations, such as PCI-DSS, SOX, HIPAA, GDPR, FISMA, NIST, and CCPA.
Jobs that use CompTIA Security+
Security Administrator
Systems Administrator
Helpdesk Manager / Analyst
Network / Cloud Engineer
Security Engineer / Analyst
DevOps / Software Developer
IT Auditors
IT Project Manage
Exam Codes SY0-501 SY0-601
Launch Date October 4, 2017 November 12, 2020
Exam Description:
The CompTIA Security+ exam will certify the successful candidate has the knowledge and skills required to install and configure systems to secure applications, networks, and devices; perform threat analysis and respond with appropriate mitigation techniques; participate in risk mitigation activities; and operate with an awareness of applicable policies, laws, and regulations. The successful candidate will perform these tasks to support the principles of confidentiality, integrity, and availability. The CompTIA Security+ certification exam will verify the successful candidate has the knowledge and skills required to assess the security posture of an enterprise environment and recommend and implement appropriate security solutions; monitor and secure hybrid environments, including cloud, mobile, and IoT; operate with an awareness of applicable laws and policies, including principles of governance, risk, and compliance; identify, analyze, and respond to security events and incidents
Number of Questions Maximum of 90 questions
Type of Questions Multiple choice and performance-based
Length of Test 90 minutes
Passing Score 750 (on a scale of 100-900)
Recommended Experience CompTIA Network+ and two years of experience in IT administration with a security focus
Languages English, Japanese, Portuguese and Simplified Chinese English, Japanese
Retirement July 31, 2021
Usually three years after launch
IT certifications show employers that candidates have the knowledge and skills they need to do the job, and they help IT pros advance in their careers. As cybersecurity has become a critical function, cybersecurity certifications are among the most popular IT certifications globally. More than 500,000 IT pros have earned CompTIA Security+, and the soon-to-be-released 2020 IT Skills and Salary Report includes CompTIA Security+ among the top 10 cybersecurity certifications.
CompTIA Security+ is chosen by more employers than any other IT certification to prove hands-on core cybersecurity skills and fulfills U.S. Department of Defense (DoD) 8570 compliance. As the need to secure more systems, software and hardware grows, more IT job roles are now turning to CompTIA Security+ to supplement cybersecurity skills.
IT Jobs Related to CompTIA Security+
As you may know, the next version of CompTIA Security+ (SY0-601) will launch in November 2020. CompTIA updates its certifications every three years to keep up with evolving technology so your skills are relevant and you stay up to date on the latest technologies.
As cyberattacks continue to grow, more IT job roles are tasked with baseline security readiness and responding to address today’s cyberthreats. Updates to CompTIA Security+ reflect those skills and prepare you to be more proactive in preventing the next cyberattack.
The primary CompTIA Security+ job roles remain the same, as the core security skills’ requirements for those jobs have not largely changed over time:
Security Administrator – Systems Administrator
Actualkey CompTIA Security+ SY0-601 Exam pdf, Certkingdom CompTIA Security+ SY0-601 PDF
Best CompTIA Security+ SY0-601 Certification, CompTIA Security+ SY0-601 Training at certkingdom.com
But the following IT job roles can also benefit from a CompTIA Security+ cybersecurity certification:
Help Desk Manager/Analyst
Network Engineer
Cloud Engineer
IT Auditor
Security Officer
Information Security Manager
IT Project Manager
DevOps/Software Developer
And even though CompTIA Security+ covers more foundational cybersecurity skills, it sets IT pros up for success in these more advanced cybersecurity job roles:
Cybersecurity Analyst
Security Engineer
Security Architect
CompTIA Security+ 501 vs 601
CompTIA Security+ addresses the latest cybersecurity trends and techniques – covering the most core technical skills in risk assessment and management, incident response, forensics, enterprise networks, hybrid/cloud operations and security controls, ensuring high performance on the job. Let’s break down some of the highlights.
CompTIA Security+ 501 vs. 601 Exam Domains
The CompTIA Security+ (SY0-601) exam now covers five major domains instead of six, guided by a maturing industry job role.
CompTIA Security+ 501 Exam Domains
&
CompTIA Security+ 601 Exam Domains
Threats, Attacks and Vulnerabilities (21%)
Technologies and Tools (22%)
Architecture and Design (15%)
Identity and Access Management (16%)
Risk Management (14%)
Cryptography and PKI (12%)
Attacks, Threats and Vulnerabilities (24%)
Architecture and Design (21%)
Implementation (25%)
Operations and Incident Response (16%)
Governance, Risk and Compliance (14%)
CompTIA Security+ 601 focuses on the most up-to-date and current skills needed for the following tasks:
Assess the cybersecurity posture of an enterprise environment
Recommend and implement appropriate cybersecurity solutions
Monitor and secure hybrid environments
Operate with an awareness of applicable laws and policies
Identify, analyze and respond to cybersecurity events and incidents
CompTIA Security+ 501 vs. 601 Exam Objectives
IT careers are made here – click to subscribe and get a 10% discount on CompTIA products
Although the exam objectives document is longer, the new exam actually has fewer objectives. CompTIA Security+ (SY0-601) has 35 exam objectives, compared to 37 on SY0-501. The difference is that the exam objectives for SY0-601 include more examples under each objective – the number of examples increased by about 25%.
This was intentional to help you better understand the meaning of each exam objective. The more examples and details we provide, the more helpful the exam objectives are for IT pros to prepare for their certification exam and, ultimately, the job itself.
But remember, exam objectives are not exhaustive: you may encounter other examples of technologies, processes or tasks on the exam. The exam questions are not based on these bulleted examples, but on the overarching exam objectives themselves. CompTIA is constantly reviewing exam content and updating questions to ensure relevance and exam integrity.
How CompTIA Security+ Evolves with the Industry
In a field like cybersecurity, where the job is continually evolving, CompTIA exam domains need to reflect what’s happening in the industry. The following table explains why we updated the CompTIA Security+ exam domains and how they relate to job
Exam Domain
Description
How It Applies to IT Jobs
Attacks, Threats and Vulnerabilities
Includes attacks, threats and vulnerabilities from IoT and embedded devices, newer DDoS attacks and social engineering.
According to Accenture, 68% of business leaders feel their cybersecurity risks are increasing. To combat these emerging threats, IT pros must help identify cyberattacks and vulnerabilities to mitigate them before they infiltrate information systems.
Architecture and Design
Includes coverage of enterprise environments and reliance on the cloud, which is growing quickly as organizations transition to hybrid networks (on-premises and cloud).
To maintain a strong cybersecurity posture and to support hybrid environments, IT pros must understand secure virtualization, secure application deployment and automation concepts.
Implementation
Includes a focus on administering identity, access management, basic cryptography, PKI, wireless and end-to-end security.
To support organizational cybersecurity, IT pros must identify and implement the best protocols and encryption for a particular network/cloud design, mobile solution or wireless setting, for example.
Operations and Incident Response
Includes organizational security assessments and incident response procedures, such as detection, mitigation and basic digital forensics of incidents.
To support operations and the influx of recent cyberattacks, IT pros are called upon to perform incident response earlier in their careers. They must be able to apply basic mitigation techniques and security controls to protect systems.
Governance, Risk and Compliance
Includes how to support basic organizational risk management, security controls and teamwork to support regulations such as PCI-DSS, SOX, HIPAA, GDPR, NIST and CCPA.
In a recent survey of CompTIA certification holders, nearly 60% reported an increase in compliance tasks. To support governance, risk and compliance, IT pros must understand compliance security controls, how they reduce risk and how to implement them to improve cybersecurity posture.
How to Train for CompTIA Security+
It may seem like CompTIA Security+ covers a lot of ground, but don’t worry, we’ve got you! CompTIA offers training solutions, including study guides, online self-study tools and instructor-led courses, that are designed to cover what you need to know for your CompTIA exam. No other content library covers all exam objectives for all certifications.
CompTIA training solutions help you prepare for your CompTIA certification exam with confidence. Whether you are just starting to prepare and need comprehensive training with CompTIA CertMaster Learn, want to apply your knowledge hands-on with CompTIA Labs, need a final review with CompTIA CertMaster Practice or need to renew your certification with CompTIA CertMaster CE, CompTIA’s online training tools have you covered.
QUESTION 1
Which of the following will MOST likely adversely impact the operations of unpatched traditional
programmable-logic controllers, running a back-end LAMP server and OT systems with human-management
interfaces that are accessible over the Internet via a web interface? (Choose two.)
A. Cross-site scripting
B. Data exfiltration
C. Poor system logging
D. Weak encryption
E. SQL injection
F. Server-side request forgery
Correct Answer: DF
QUESTION 2
A company recently transitioned to a strictly BYOD culture due to the cost of replacing lost or damaged
corporate-owned mobile devices. Which of the following technologies would be BEST to balance the BYOD
culture while also protecting the company’s data?
A. Containerization
B. Geofencing
C. Full-disk encryption
D. Remote wipe
Correct Answer: C
QUESTION 3
A Chief Security Office’s (CSO’s) key priorities are to improve preparation, response, and recovery practices to
minimize system downtime and enhance organizational resilience to ransomware attacks.
Which of the following would BEST meet the CSO’s objectives?
A. Use email-filtering software and centralized account management, patch high-risk systems, and restrict administration privileges on fileshares.
B. Purchase cyber insurance from a reputable provider to reduce expenses during an incident.
C. Invest in end-user awareness training to change the long-term culture and behavior of staff and executives, reducing the organization’s susceptibility to phishing attacks.
D. Implement application whitelisting and centralized event-log management, and perform regular testing and validation of full backups.
Correct Answer: D
QUESTION 4
A network engineer has been asked to investigate why several wireless barcode scanners and wireless
computers in a warehouse have intermittent connectivity to the shipping server. The barcode scanners and
computers are all on forklift trucks and move around the warehouse during their regular use. Which of the
following should the engineer do to determine the issue? (Choose two.)
A. Perform a site survey
B. Deploy an FTK Imager
C. Create a heat map
D. Scan for rogue access points
E. Upgrade the security protocols
F. Install a captive portal
Correct Answer: AC
QUESTION 5
A security administrator suspects an employee has been emailing proprietary information to a competitor.
Company policy requires the administrator to capture an exact copy of the employee’s hard disk.
Which of the following should the administrator use?
A. dd
B. chmod
C. dnsenum
D. logger
Correct Answer: A